Setuid
868
Comment: Added /usr/lib/pt_chown from glibc
|
1217
Adding cdrtools and the location where each app drops privs
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
|| iputils || /bin/ping, /bin/ping6, /bin/arping, /usr/bin/traceroute6.iputils || yes || possible || UNKNOWN || || | || iputils || /bin/ping, /bin/ping6, /bin/arping, /usr/bin/traceroute6.iputils || yes || possible || UNKNOWN || *line 129 ping.c, *line 217 ping6.c, *line 314 arping.c, *line 343 traceroute6.c || |
Line 6: | Line 6: |
|| mtr || /usr/bin/mtr || yes || possible || n/a || n/a || | || mtr || /usr/bin/mtr || yes || possible || n/a || *line 333 in mtr.c || |
Line 8: | Line 8: |
|| glibc || /usr/lib/pt_chown || yes || possible || n/a || || | || glibc || /usr/lib/pt_chown || yes || possible || n/a || *line 147 in glibc-2.6.1/login/programs/pt_chown.c|| || cdrtools || /usr/bin/cdrecord || yes || possible || n/a || *line 1120 in cdrecord/cdrecord.c || * - Where in the software the privileges are dropped using the setuid() or setreuid() system calls. |
This is a list of setuid applications that need investigation. See the [https://lists.ubuntu.com/archives/ubuntu-hardened/2007-October/000217.html mailinglist post] about this for more information.
Source Package Name |
setuid Files |
De-rooted |
Capabilities |
Changes Sent Upstream |
Comments |
iputils |
/bin/ping, /bin/ping6, /bin/arping, /usr/bin/traceroute6.iputils |
yes |
possible |
UNKNOWN |
*line 129 ping.c, *line 217 ping6.c, *line 314 arping.c, *line 343 traceroute6.c |
fping |
/bin/fping |
needed |
|
no |
Checks: if ( geteuid() ) {... exit(3); Will patch and send upstream -JeffSchroeder |
mtr |
/usr/bin/mtr |
yes |
possible |
n/a |
*line 333 in mtr.c |
util-linux |
/bin/mount, /bin/umount |
needed |
no |
n/a |
Checks: if (getuid () != geteuid ()). Should check for CAP_SYS_ADMIN capability |
glibc |
/usr/lib/pt_chown |
yes |
possible |
n/a |
*line 147 in glibc-2.6.1/login/programs/pt_chown.c |
cdrtools |
/usr/bin/cdrecord |
yes |
possible |
n/a |
*line 1120 in cdrecord/cdrecord.c |
* - Where in the software the privileges are dropped using the setuid() or setreuid() system calls.
Security/Investigation/Setuid (last edited 2013-07-23 07:07:01 by 74)